首頁 探索 說明
登入
GfA
/
linux_kernel
5
0
複刻 0
檔案 問題管理 0 合併請求 0 Wiki
瀏覽代碼

netfilter: nf_conntrack_h323: lookup route from proper net namespace

Signed-off-by: Vasily Averin <vvs@parallels.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Vasily Averin 10 年之前
父節點
e59ea3df3f
當前提交
2c7b5d5dac
共有 1 個文件被更改,包括 8 次插入6 次删除
分割檢視 顯示文件統計
  1. 8 6
      net/netfilter/nf_conntrack_h323_main.c

+ 8 - 6
net/netfilter/nf_conntrack_h323_main.c
查看文件 

@@ -728,7 +728,8 @@ static int expect_h245(struct sk_buff *skb, struct nf_conn *ct,
 
 
 /* If the calling party is on the same side of the forward-to party,
 
  * we don't need to track the second call */
 
-static int callforward_do_filter(const union nf_inet_addr *src,
 
+static int callforward_do_filter(struct net *net,
 
+				 const union nf_inet_addr *src,
 
 				 const union nf_inet_addr *dst,
 
 				 u_int8_t family)
 
 {
 
@@ -750,9 +751,9 @@ static int callforward_do_filter(const union nf_inet_addr *src,
 
 
 		memset(&fl2, 0, sizeof(fl2));
 
 		fl2.daddr = dst->ip;
 
-		if (!afinfo->route(&init_net, (struct dst_entry **)&rt1,
 
+		if (!afinfo->route(net, (struct dst_entry **)&rt1,
 
 				   flowi4_to_flowi(&fl1), false)) {
 
-			if (!afinfo->route(&init_net, (struct dst_entry **)&rt2,
 
+			if (!afinfo->route(net, (struct dst_entry **)&rt2,
 
 					   flowi4_to_flowi(&fl2), false)) {
 
 				if (rt_nexthop(rt1, fl1.daddr) ==
 
 				    rt_nexthop(rt2, fl2.daddr) &&
 
@@ -774,9 +775,9 @@ static int callforward_do_filter(const union nf_inet_addr *src,
 
 
 		memset(&fl2, 0, sizeof(fl2));
 
 		fl2.daddr = dst->in6;
 
-		if (!afinfo->route(&init_net, (struct dst_entry **)&rt1,
 
+		if (!afinfo->route(net, (struct dst_entry **)&rt1,
 
 				   flowi6_to_flowi(&fl1), false)) {
 
-			if (!afinfo->route(&init_net, (struct dst_entry **)&rt2,
 
+			if (!afinfo->route(net, (struct dst_entry **)&rt2,
 
 					   flowi6_to_flowi(&fl2), false)) {
 
 				if (ipv6_addr_equal(rt6_nexthop(rt1),
 
 						    rt6_nexthop(rt2)) &&
 
@@ -807,6 +808,7 @@ static int expect_callforwarding(struct sk_buff *skb,
 
 	__be16 port;
 
 	union nf_inet_addr addr;
 
 	struct nf_conntrack_expect *exp;
 
+	struct net *net = nf_ct_net(ct);
 
 	typeof(nat_callforwarding_hook) nat_callforwarding;
 
 
 	/* Read alternativeAddress */
 
@@ -816,7 +818,7 @@ static int expect_callforwarding(struct sk_buff *skb,
 
 	/* If the calling party is on the same side of the forward-to party,
 
 	 * we don't need to track the second call */
 
 	if (callforward_filter &&
 
-	    callforward_do_filter(&addr, &ct->tuplehash[!dir].tuple.src.u3,
 
+	    callforward_do_filter(net, &addr, &ct->tuplehash[!dir].tuple.src.u3,
 
 				  nf_ct_l3num(ct))) {
 
 		pr_debug("nf_ct_q931: Call Forwarding not tracked\n");
 
 		return 0;